BIND 9.11.0 RPZ performance issue

Mukund Sivaraman muks at
Tue Oct 18 19:56:10 UTC 2016

Hi Bob

On Tue, Oct 18, 2016 at 03:26:00PM -0400, Bob Harold wrote:
> On Tue, Oct 18, 2016 at 3:26 AM, Mukund Sivaraman <muks at> wrote:
> >
> > Firstly, RPZ in BIND 9.9 (vanilla) is broken, unmaintained and should
> > not be used by anyone. If you know people using BIND 9.9 (vanilla) for
> > RPZ, please ask them to upgrade to 9.10 at least. RPZ in 9.9
> > subscription branch is OK.
> >
> >
> Is RPZ in BIND 9.8 ok to use?  (Using RedHat 9.8.2 plus they backport
> security patches.)

BIND 9.8 is not OK to use according to us for any purpose. It has
reached end-of-life.

Some distros insist on continuing to ship obsolete versions of BIND with
maintenance patches that include mainly publicly known security
bugfixes, but still containing security and other bugs that have long
been fixed in current BIND versions. These distributions have their
reasons to do so, but the point remains that such obsolete versions of
BIND are buggy and unsupported by us.

(What's worse is that such bug reports are sent to us and waste our
developer time which is quite limited as-is, because we have to look at
crash reports and such to ensure that current versions of BIND don't
suffer from it.)

If you are using a non-current version of BIND (currently maintained
public versions are the latest versions in the 9.9, 9.10 and 9.11
series), then:

(a) contact whoever's providing/supporting that package for support.

(b) switch to a current version of BIND (preferred).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <>

More information about the bind-users mailing list